blob: 4334032527ab138a51367c2ed6809e9f77f59e97 [file] [log] [blame]
// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/websockets/websocket_stream.h"
#include <utility>
#include "base/logging.h"
#include "base/metrics/histogram_functions.h"
#include "base/time/time.h"
#include "base/timer/timer.h"
#include "net/base/load_flags.h"
#include "net/base/url_util.h"
#include "net/http/http_request_headers.h"
#include "net/http/http_response_headers.h"
#include "net/http/http_response_info.h"
#include "net/http/http_status_code.h"
#include "net/traffic_annotation/network_traffic_annotation.h"
#include "net/url_request/redirect_info.h"
#include "net/url_request/url_request.h"
#include "net/url_request/url_request_context.h"
#include "net/url_request/websocket_handshake_userdata_key.h"
#include "net/websockets/websocket_basic_handshake_stream.h"
#include "net/websockets/websocket_errors.h"
#include "net/websockets/websocket_event_interface.h"
#include "net/websockets/websocket_handshake_constants.h"
#include "net/websockets/websocket_handshake_stream_base.h"
#include "net/websockets/websocket_handshake_stream_create_helper.h"
#include "net/websockets/websocket_http2_handshake_stream.h"
#include "url/gurl.h"
#include "url/origin.h"
namespace {
// Please refer to the comment in class header if the usage changes.
constexpr net::NetworkTrafficAnnotationTag kTrafficAnnotation =
net::DefineNetworkTrafficAnnotation("websocket_stream", R"(
semantics {
sender: "WebSocket Handshake"
description:
"Renderer process initiated WebSocket handshake. The WebSocket "
"handshake is used to establish a connection between a web page "
"and a consenting server for bi-directional communication."
trigger:
"A handshake is performed every time a new connection is "
"established via the Javascript or PPAPI WebSocket API. Any web "
"page or extension can create a WebSocket connection."
data: "The path and sub-protocols requested when the WebSocket was "
"created, plus the origin of the creating page."
destination: OTHER
}
policy {
cookies_allowed: YES
cookies_store: "user or per-app cookie store"
setting: "These requests cannot be disabled."
policy_exception_justification:
"Not implemented. WebSocket is a core web platform API."
})");
} // namespace
namespace net {
namespace {
// The timeout duration of WebSocket handshake.
// It is defined as the same value as the TCP connection timeout value in
// net/socket/websocket_transport_client_socket_pool.cc to make it hard for
// JavaScript programs to recognize the timeout cause.
const int kHandshakeTimeoutIntervalInSeconds = 240;
class WebSocketStreamRequestImpl;
class Delegate : public URLRequest::Delegate {
public:
explicit Delegate(WebSocketStreamRequestImpl* owner) : owner_(owner) {}
~Delegate() override = default;
// Implementation of URLRequest::Delegate methods.
void OnReceivedRedirect(URLRequest* request,
const RedirectInfo& redirect_info,
bool* defer_redirect) override;
void OnResponseStarted(URLRequest* request, int net_error) override;
void OnAuthRequired(URLRequest* request,
AuthChallengeInfo* auth_info) override;
void OnCertificateRequested(URLRequest* request,
SSLCertRequestInfo* cert_request_info) override;
void OnSSLCertificateError(URLRequest* request,
const SSLInfo& ssl_info,
bool fatal) override;
void OnReadCompleted(URLRequest* request, int bytes_read) override;
private:
void OnAuthRequiredComplete(URLRequest* request,
const AuthCredentials* auth_credentials);
WebSocketStreamRequestImpl* owner_;
};
class WebSocketStreamRequestImpl : public WebSocketStreamRequestAPI {
public:
WebSocketStreamRequestImpl(
const GURL& url,
const URLRequestContext* context,
const url::Origin& origin,
const GURL& site_for_cookies,
const HttpRequestHeaders& additional_headers,
std::unique_ptr<WebSocketStream::ConnectDelegate> connect_delegate,
std::unique_ptr<WebSocketHandshakeStreamCreateHelper> create_helper,
std::unique_ptr<WebSocketStreamRequestAPI> api_delegate)
: delegate_(this),
url_request_(context->CreateRequest(url,
DEFAULT_PRIORITY,
&delegate_,
kTrafficAnnotation)),
connect_delegate_(std::move(connect_delegate)),
handshake_stream_(nullptr),
perform_upgrade_has_been_called_(false),
api_delegate_(std::move(api_delegate)) {
create_helper->set_stream_request(this);
HttpRequestHeaders headers = additional_headers;
headers.SetHeader(websockets::kUpgrade, websockets::kWebSocketLowercase);
headers.SetHeader(HttpRequestHeaders::kConnection, websockets::kUpgrade);
headers.SetHeader(HttpRequestHeaders::kOrigin, origin.Serialize());
headers.SetHeader(websockets::kSecWebSocketVersion,
websockets::kSupportedVersion);
// Remove HTTP headers that are important to websocket connections: they
// will be added later.
headers.RemoveHeader(websockets::kSecWebSocketExtensions);
headers.RemoveHeader(websockets::kSecWebSocketKey);
headers.RemoveHeader(websockets::kSecWebSocketProtocol);
url_request_->SetExtraRequestHeaders(headers);
url_request_->set_initiator(origin);
url_request_->set_site_for_cookies(site_for_cookies);
url_request_->SetUserData(kWebSocketHandshakeUserDataKey,
std::move(create_helper));
url_request_->SetLoadFlags(LOAD_DISABLE_CACHE | LOAD_BYPASS_CACHE);
connect_delegate_->OnCreateRequest(url_request_.get());
}
// Destroying this object destroys the URLRequest, which cancels the request
// and so terminates the handshake if it is incomplete.
~WebSocketStreamRequestImpl() override = default;
void OnBasicHandshakeStreamCreated(
WebSocketBasicHandshakeStream* handshake_stream) override {
if (api_delegate_) {
api_delegate_->OnBasicHandshakeStreamCreated(handshake_stream);
}
OnHandshakeStreamCreated(handshake_stream);
}
void OnHttp2HandshakeStreamCreated(
WebSocketHttp2HandshakeStream* handshake_stream) override {
if (api_delegate_) {
api_delegate_->OnHttp2HandshakeStreamCreated(handshake_stream);
}
OnHandshakeStreamCreated(handshake_stream);
}
void OnFailure(const std::string& message) override {
if (api_delegate_)
api_delegate_->OnFailure(message);
failure_message_ = message;
}
void Start(std::unique_ptr<base::OneShotTimer> timer) {
DCHECK(timer);
base::TimeDelta timeout(base::TimeDelta::FromSeconds(
kHandshakeTimeoutIntervalInSeconds));
timer_ = std::move(timer);
timer_->Start(FROM_HERE, timeout,
base::Bind(&WebSocketStreamRequestImpl::OnTimeout,
base::Unretained(this)));
url_request_->Start();
}
void PerformUpgrade() {
DCHECK(timer_);
CHECK(!perform_upgrade_has_been_called_);
// TODO(bnc): Change to DCHECK after https://crbug.com/850183 is fixed.
CHECK(connect_delegate_);
perform_upgrade_has_been_called_ = true;
timer_->Stop();
if (!handshake_stream_) {
// TODO(https://crbug.com/850183):
// Find out why this can happen and make it stop.
ReportFailureWithMessage("No handshake stream has been created.");
return;
}
std::unique_ptr<URLRequest> url_request = std::move(url_request_);
WebSocketHandshakeStreamBase* handshake_stream = handshake_stream_;
handshake_stream_ = nullptr;
// TODO(bnc): Combine into one line after https://crbug.com/850183 is fixed.
std::unique_ptr<WebSocketStream> stream = handshake_stream->Upgrade();
connect_delegate_->OnSuccess(std::move(stream));
// This is safe even if |this| has already been deleted.
url_request->CancelWithError(ERR_WS_UPGRADE);
}
std::string FailureMessageFromNetError(int net_error) {
if (net_error == ERR_TUNNEL_CONNECTION_FAILED) {
// This error is common and confusing, so special-case it.
// TODO(ricea): Include the HostPortPair of the selected proxy server in
// the error message. This is not currently possible because it isn't set
// in HttpResponseInfo when a ERR_TUNNEL_CONNECTION_FAILED error happens.
return "Establishing a tunnel via proxy server failed.";
} else {
return std::string("Error in connection establishment: ") +
ErrorToString(net_error);
}
}
void ReportFailure(int net_error) {
DCHECK(timer_);
timer_->Stop();
if (failure_message_.empty()) {
switch (net_error) {
case OK:
case ERR_IO_PENDING:
break;
case ERR_ABORTED:
failure_message_ = "WebSocket opening handshake was canceled";
break;
case ERR_TIMED_OUT:
failure_message_ = "WebSocket opening handshake timed out";
break;
default:
failure_message_ = FailureMessageFromNetError(net_error);
break;
}
}
ReportFailureWithMessage(failure_message_);
}
void ReportFailureWithMessage(const std::string& failure_message) {
connect_delegate_->OnFailure(failure_message);
}
void OnFinishOpeningHandshake() {
WebSocketDispatchOnFinishOpeningHandshake(
connect_delegate(), url_request_->url(),
url_request_->response_headers(), url_request_->GetSocketAddress(),
url_request_->response_time());
}
WebSocketStream::ConnectDelegate* connect_delegate() const {
return connect_delegate_.get();
}
void OnTimeout() {
url_request_->CancelWithError(ERR_TIMED_OUT);
}
private:
void OnHandshakeStreamCreated(
WebSocketHandshakeStreamBase* handshake_stream) {
// TODO(bnc): Change to DCHECK after https://crbug.com/850183 is fixed.
CHECK(handshake_stream);
handshake_stream_ = handshake_stream;
}
// |delegate_| needs to be declared before |url_request_| so that it gets
// initialised first.
Delegate delegate_;
// Deleting the WebSocketStreamRequestImpl object deletes this URLRequest
// object, cancelling the whole connection.
std::unique_ptr<URLRequest> url_request_;
std::unique_ptr<WebSocketStream::ConnectDelegate> connect_delegate_;
// This is owned by the caller of
// WebsocketHandshakeStreamCreateHelper::CreateBasicStream() or
// CreateHttp2Stream(). Both the stream and this object will be destroyed
// during the destruction of the URLRequest object associated with the
// handshake. This is only guaranteed to be a valid pointer if the handshake
// succeeded.
WebSocketHandshakeStreamBase* handshake_stream_;
// TODO(bnc): Remove after https://crbug.com/850183 is fixed.
bool perform_upgrade_has_been_called_;
// The failure message supplied by WebSocketBasicHandshakeStream, if any.
std::string failure_message_;
// A timer for handshake timeout.
std::unique_ptr<base::OneShotTimer> timer_;
// A delegate for On*HandshakeCreated and OnFailure calls.
std::unique_ptr<WebSocketStreamRequestAPI> api_delegate_;
};
class SSLErrorCallbacks : public WebSocketEventInterface::SSLErrorCallbacks {
public:
explicit SSLErrorCallbacks(URLRequest* url_request)
: url_request_(url_request) {}
void CancelSSLRequest(int error, const SSLInfo* ssl_info) override {
if (ssl_info) {
url_request_->CancelWithSSLError(error, *ssl_info);
} else {
url_request_->CancelWithError(error);
}
}
void ContinueSSLRequest() override {
url_request_->ContinueDespiteLastError();
}
private:
URLRequest* url_request_;
};
void Delegate::OnReceivedRedirect(URLRequest* request,
const RedirectInfo& redirect_info,
bool* defer_redirect) {
// This code should never be reached for externally generated redirects,
// as WebSocketBasicHandshakeStream is responsible for filtering out
// all response codes besides 101, 401, and 407. As such, the URLRequest
// should never see a redirect sent over the network. However, internal
// redirects also result in this method being called, such as those
// caused by HSTS.
// Because it's security critical to prevent externally-generated
// redirects in WebSockets, perform additional checks to ensure this
// is only internal.
GURL::Replacements replacements;
replacements.SetSchemeStr("wss");
GURL expected_url = request->original_url().ReplaceComponents(replacements);
if (redirect_info.new_method != "GET" ||
redirect_info.new_url != expected_url) {
// This should not happen.
DLOG(FATAL) << "Unauthorized WebSocket redirect to "
<< redirect_info.new_method << " "
<< redirect_info.new_url.spec();
request->Cancel();
}
}
void Delegate::OnResponseStarted(URLRequest* request, int net_error) {
DCHECK_NE(ERR_IO_PENDING, net_error);
// All error codes, including OK and ABORTED, as with
// Net.ErrorCodesForMainFrame4
base::UmaHistogramSparse("Net.WebSocket.ErrorCodes", -net_error);
if (net::IsLocalhost(request->url())) {
base::UmaHistogramSparse("Net.WebSocket.ErrorCodes_Localhost", -net_error);
} else {
base::UmaHistogramSparse("Net.WebSocket.ErrorCodes_NotLocalhost",
-net_error);
}
if (net_error != OK) {
DVLOG(3) << "OnResponseStarted (request failed)";
owner_->ReportFailure(net_error);
return;
}
const int response_code = request->GetResponseCode();
DVLOG(3) << "OnResponseStarted (response code " << response_code << ")";
if (request->response_info().connection_info ==
HttpResponseInfo::CONNECTION_INFO_HTTP2) {
if (response_code == HTTP_OK) {
owner_->PerformUpgrade();
return;
}
owner_->ReportFailure(net_error);
return;
}
switch (response_code) {
case HTTP_SWITCHING_PROTOCOLS:
owner_->PerformUpgrade();
return;
case HTTP_UNAUTHORIZED:
owner_->OnFinishOpeningHandshake();
owner_->ReportFailureWithMessage(
"HTTP Authentication failed; no valid credentials available");
return;
case HTTP_PROXY_AUTHENTICATION_REQUIRED:
owner_->OnFinishOpeningHandshake();
owner_->ReportFailureWithMessage("Proxy authentication failed");
return;
default:
owner_->ReportFailure(net_error);
}
}
void Delegate::OnAuthRequired(URLRequest* request,
AuthChallengeInfo* auth_info) {
base::Optional<AuthCredentials> credentials;
// This base::Unretained(this) relies on an assumption that |callback| can
// be called called during the opening handshake.
int rv = owner_->connect_delegate()->OnAuthRequired(
scoped_refptr<AuthChallengeInfo>(auth_info), request->response_headers(),
request->GetSocketAddress(),
base::BindOnce(&Delegate::OnAuthRequiredComplete, base::Unretained(this),
request),
&credentials);
request->LogBlockedBy("WebSocketStream::Delegate::OnAuthRequired");
if (rv == ERR_IO_PENDING)
return;
if (rv != OK) {
request->LogUnblocked();
owner_->ReportFailure(rv);
return;
}
OnAuthRequiredComplete(request, nullptr);
}
void Delegate::OnAuthRequiredComplete(URLRequest* request,
const AuthCredentials* credentials) {
request->LogUnblocked();
if (!credentials) {
request->CancelAuth();
return;
}
request->SetAuth(*credentials);
}
void Delegate::OnCertificateRequested(URLRequest* request,
SSLCertRequestInfo* cert_request_info) {
// This method is called when a client certificate is requested, and the
// request context does not already contain a client certificate selection for
// the endpoint. In this case, a main frame resource request would pop-up UI
// to permit selection of a client certificate, but since WebSockets are
// sub-resources they should not pop-up UI and so there is nothing more we can
// do.
request->Cancel();
}
void Delegate::OnSSLCertificateError(URLRequest* request,
const SSLInfo& ssl_info,
bool fatal) {
owner_->connect_delegate()->OnSSLCertificateError(
std::make_unique<SSLErrorCallbacks>(request), ssl_info, fatal);
}
void Delegate::OnReadCompleted(URLRequest* request, int bytes_read) {
NOTREACHED();
}
} // namespace
WebSocketStreamRequest::~WebSocketStreamRequest() = default;
WebSocketStream::WebSocketStream() = default;
WebSocketStream::~WebSocketStream() = default;
WebSocketStream::ConnectDelegate::~ConnectDelegate() = default;
std::unique_ptr<WebSocketStreamRequest> WebSocketStream::CreateAndConnectStream(
const GURL& socket_url,
std::unique_ptr<WebSocketHandshakeStreamCreateHelper> create_helper,
const url::Origin& origin,
const GURL& site_for_cookies,
const HttpRequestHeaders& additional_headers,
URLRequestContext* url_request_context,
const NetLogWithSource& net_log,
std::unique_ptr<ConnectDelegate> connect_delegate) {
auto request = std::make_unique<WebSocketStreamRequestImpl>(
socket_url, url_request_context, origin, site_for_cookies,
additional_headers, std::move(connect_delegate), std::move(create_helper),
nullptr);
request->Start(std::make_unique<base::OneShotTimer>());
return std::move(request);
}
std::unique_ptr<WebSocketStreamRequest>
WebSocketStream::CreateAndConnectStreamForTesting(
const GURL& socket_url,
std::unique_ptr<WebSocketHandshakeStreamCreateHelper> create_helper,
const url::Origin& origin,
const GURL& site_for_cookies,
const HttpRequestHeaders& additional_headers,
URLRequestContext* url_request_context,
const NetLogWithSource& net_log,
std::unique_ptr<WebSocketStream::ConnectDelegate> connect_delegate,
std::unique_ptr<base::OneShotTimer> timer,
std::unique_ptr<WebSocketStreamRequestAPI> api_delegate) {
auto request = std::make_unique<WebSocketStreamRequestImpl>(
socket_url, url_request_context, origin, site_for_cookies,
additional_headers, std::move(connect_delegate), std::move(create_helper),
std::move(api_delegate));
request->Start(std::move(timer));
return std::move(request);
}
void WebSocketDispatchOnFinishOpeningHandshake(
WebSocketStream::ConnectDelegate* connect_delegate,
const GURL& url,
const scoped_refptr<HttpResponseHeaders>& headers,
const HostPortPair& socket_address,
base::Time response_time) {
DCHECK(connect_delegate);
if (headers.get()) {
connect_delegate->OnFinishOpeningHandshake(
std::make_unique<WebSocketHandshakeResponseInfo>(
url, headers, socket_address, response_time));
}
}
} // namespace net